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Group Risk Management Policy 


1. Purpose Statement 


Like every business, Viaplay Group AB faces numerous risks that can have a positive or 
negative impact on the achievement of our strategic and operational objectives. 


The purpose of risk management is to understand the risks we are facing and to decide 
how to best manage these. Successful risk management ensures that an optimum balance 
between risk and return is maintained and creates greater confidence among 
shareholders, customers, and employees. It also improves decision-making without 
causing loss of momentum. 


The purpose of the Risk Management Policy is to present the main principles of risk 
management within Viaplay Group and to ensure roles and responsibilities are clear. 


To ensure effective risk reduction, risk management is to be conducted in accordance 
with the principles and standards set out in Viaplay Group’s Code of Conduct. 


2. Target Group 


This Group Policy applies to all employees of subsidiaries and entities in which Viaplay 
Group exercises decisive control (directly or indirectly). 


3. Principles 


Risks are a natural part of Viaplay Group’s business. A sound risk culture is essential for 
assuring that the desired results are achieved and for safeguarding the customers, 
employees, shareholders, assets, and brands. 


In this section the key principles of risk management are described which are vital to 
maintain a sound risk culture: 


Roles and responsibilities 

e Roles and responsibilities are clear as described in section 6.1 further below 

e Employees and management feel ownership and are held accountable for their 
actions and how they mitigate risks in their respective areas. 

e An open discussion about risks and how to address these is supported by all levels 
of the organisation. 

e Employees take responsibility also for items identified outside their immediate 
responsibility area until a proper mechanism for managing the risk has been put 
in place. A “You see it, you own it” mentality. 
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Process 


Risk management is integrated into Viaplay Group’s decision making, planning 
and day-to-day business. It is embedded in the mindset of the organisation. 
There is free flow of information between all functions as well as between 
functions and the group risk management team. 

The risk management process is pragmatic and non-bureaucratic but ensures 
consistency, transparency and that subjectivity is minimised. 

Risk assessments are undertaken on a regular basis and summarized in risk 
reports. The risk reports are presented as appropriate to the Board of Directors, 
CEO, CFO, the Audit Committee, the Group Executive Team and/or 
functional/country management teams. 


Tools and supporting documents 


4, 


Available tools to report risks are easily accessible for the whole organization and 
user-friendly. Complex systems are minimised. 

When possible and sensible, a financial value is calculated to demonstrate the 
level of impact. 

The principles set out in this policy document are further detailed in the risk 
management program. 


Scope 


Viaplay Group risk management covers all relevant risks, external and internal risks, as 
well as market, financial, operational and sustainability risks. 


5. 


Risk appetite 


Risk management process helps the business achieve the optimum balance between risk 
and return. To ensure risk-taking stays at an acceptable level while pursuing its 
objectives a risk appetite has been set to SEK 30 million per year (risk-weighted impact). 
All risks with a risk-weighted value equal to or higher than SEK 30 million must be 
reviewed by CEO and CFO before the risk is accepted. 


6. 


6.1 


Roles 


Audit Committee 


Governance 


Roles and responsibilities 


Responsibilities 


Assess the effectiveness of Viaplay Group’s risk management 
program and monitor that the overall risk exposure remains 
acceptable 

e Review, and if necessary, challenge Viaplay Group’s consolidated 
risk reports 
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Board of Directors 


Approve the Risk Management Policy and Viaplay Group's 
approach to managing risks 

Ensure that there is an appropriate system for follow-up and 
control of the risks to Viaplay Group that are associated with its 
operations 


CEO 


Hold overall accountability for Viaplay Group’s risk exposure 


CEO & Group 
Executive Team 


Determine strategic approach to mitigating risk exposure 

Own the risks within their respective function 

Ensuring that employees in the function they represent are 
familiar with this Policy 

Ensure a proper risk identification and assessment process is 
undertaken within their functions as per Viaplay Group’s risk 
program 

Ensure risk mitigation actions for risks within respective 
functions are timely implemented 

Discuss risks pertaining to their functions on a regular basis (e.g. 
during management team meetings) 

Build a risk-aware culture within their functions 

Report, communicate and record risks appropriately as per 
Viaplay Group's risk program 

Responsible for communicating and enforcing this Policy 
Review key risk reports to ensure a group-wide perspective is 
considered 


CFO 


Support and control the effective management of risks through 
the risk management program 

Ensure accurate financial data is provided and support CEO in 
reviewing Viaplay’s Group risk exposure 

Viaplay Group’s Chief Financial Officer is ultimately accountable 
for this Policy 


Group Risk 
Management 


Develop, implement and maintain the risk management program 
Maintain oversight of risk information 

Ensure effectiveness of the risk management program 

Develop, deliver and manage the risk review process as per 
Viaplay Group risk management program 

Prepare risk reports to CFO, CEO, Group Executive Team, Audit 
Committee, and the Board of Directors as appropriate 

Review and, if necessary, update the Risk Management Policy on 
a yearly basis 

Provide advice or guidance on risk issues raised by managers or 
employees 

Monitor and analyse group-wide risks reported by the functions 
and ensure the risks are communicated to relevant parties 
Escalate issues to the CEO and CFO when required 


Internal Audit 


Provide independent review of implementation of controls and 
mitigations 
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e Provide third-line defence by carrying out analysis and 
independent appraisal of risk management systems 


e Comply with this policy 

Employees Foe cee meet 

e Recognise risks within their area of expertise and communicate 
them to relevant parties 

e Report any identified risk as necessary even if it fall out of his/her 
area or expertise 

e Individual employees may be responsible for implementation of 
risk-mitigating activities 


7. References 


e Code of Conduct 


8. Document History and Change Information 


For more details of this Group Policy’s document history and change information, see 
Appendix 1. 
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Appendix 1 - Document History and Change Information 


Version Revision Date Change information 


1 2018-06-15 Initial Group Policy 

2 2019-09-23 Annual review of policy. Changes made according to restructure 
of risk and security function 

2.1 2019-11-12 Minor edits. 

3 2020-09-03 Annual review of policy and minor edits 

4 2021-09-21 Major restructure and simplification of document. 

5 2022-09-22 Edits to reflect responsibilities of the Governance, Risk and 


Compliance (GRC) Committee have been taken over by other 
parties since the GRC has discontinued. Changes include e.g. that 
CEO has taken over the responsibility “Hold overall 
accountability for Viaplay Group’s risk exposure” (section 6). 


The risk appetite figure has changed from 10m SEK to 30m SEK 
(section 5). 
6 2023-09-21 Minor edits. 


